[nsp-sec] List of vulnerable DNS resolvers
Wayne Bogan
wayne.bogan at Spirittelecom.com
Tue Jul 22 19:58:37 EDT 2008
ACK 2711, 6250
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Niels Provos
Sent: Tuesday, July 22, 2008 7:12 PM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] List of vulnerable DNS resolvers
----------- nsp-security Confidential --------
Hi,
as you know, the DNS flaw was leaked yesterday. At the moment, ~70%
of all resolvers on the Internet use static or trivially predictable
source ports. These resolvers/NAT devices need to be patched as soon
as possible. The CERT reference for this flaw can be found at:
http://www.kb.cert.org/vuls/id/800113
The flaw allows adversaries to inject almost arbitrary A or NS records
on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
legitimate domains.
You can find a list of vulnerable resolvers and corresponding AS numbers at:
https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt
These IP addresses are from recursive resolvers that showed very low
standard-deviation (<200) in their source ports according to
measurements conducted by David Dagon and myself over the last 7 days.
I released a small Python tool that you can use to test your own
resolver. You can download it from:
http://www.monkey.org/~provos/dnspredict.py
Instructions on how to use the tool can be found here:
http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
Please, let me know if you have any questions.
Thank you,
Niels.
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list